On 01/11/2010 06:48 PM, Karel Klic wrote:
> The only problem with this patch is that it assumes that "private
> groups" are used on the system. That is, a user "karel" belongs to group
> "karel", and not to a common group "users". I do not know whether this
> is true for all desktop and server deployments.
> (If all users share the same group, they will also be able to read other
> user's crashes, and we do not want that.)
We can't rely on this, I think group per user is not default on many
systems.

>
> An alternative to this patch is setting the option MakeCompatCore
> default and make everything in /var/cache/abrt/ readable only by ABRT,
> as it was proposed by Jiri
>
This seems better as we restore the original coredumping behaviour, but
this was an idea from the top of my head and I didn't think about it
much, so it might have some side effects.

I decided to commit it, as it does not add new code, but fixes the
currently broken code at least for systems with private groups.

On 01/11/2010 07:14 PM, Jiri Moskovcak wrote:
> On 01/11/2010 06:48 PM, Karel Klic wrote:
>> The only problem with this patch is that it assumes that "private
>> groups" are used on the system. That is, a user "karel" belongs to group
>> "karel", and not to a common group "users". I do not know whether this
>> is true for all desktop and server deployments.
>> (If all users share the same group, they will also be able to read other
>> user's crashes, and we do not want that.)
>
> We can't rely on this, I think group per user is not default on many
> systems.
I agree, this must be solved.
>>
>> An alternative to this patch is setting the option MakeCompatCore
>> default and make everything in /var/cache/abrt/ readable only by ABRT,
>> as it was proposed by Jiri
>>
> This seems better as we restore the original coredumping behaviour, but
> this was an idea from the top of my head and I didn't think about it
> much, so it might have some side effects.
I decided to commit it, as it does not add new code, but fixes the
currently broken code at least for systems with private groups.
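
The private-group assumption discussed in this thread can be checked per system. The following is an added example, not part of the thread or of ABRT's code: it lists, for each user, the other accounts in that user's primary group, assuming a crash dump is owned by that group and is group-readable. The account data and the function names are constructed for illustration.

```python
# Added example. PASSWD and GROUP are constructed sample data in
# passwd(5)/group(5) format, not taken from any real system.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
karel:x:500:500::/home/karel:/bin/bash
jiri:x:501:100::/home/jiri:/bin/bash
anna:x:502:100::/home/anna:/bin/bash
petr:x:503:503::/home/petr:/bin/bash
"""
GROUP = """\
root:x:0:
users:x:100:
karel:x:500:
petr:x:503:anna
"""


def _records(text, min_fields):
    """Yield colon-split fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) >= min_fields:
                yield fields


def group_readers(passwd_text, group_text):
    """Map each user to the other accounts in that user's primary group.

    Assumption: a crash dump is owned by the crashing user's primary group
    and is group-readable, so every account listed here could read it.
    Users whose group is truly private are omitted from the result.
    """
    primary = {f[0]: int(f[3]) for f in _records(passwd_text, 4)}
    members = {}  # gid -> set of account names in that group
    for user, gid in primary.items():
        members.setdefault(gid, set()).add(user)
    for f in _records(group_text, 4):
        extra = {name for name in f[3].split(",") if name}
        members.setdefault(int(f[2]), set()).update(extra)
    exposed = {}
    for user, gid in primary.items():
        others = sorted(members[gid] - {user})
        if others:
            exposed[user] = others
    return exposed


if __name__ == "__main__":
    for user, others in group_readers(PASSWD, GROUP).items():
        print(f"{user}: dumps readable by {', '.join(others)}")
```

Note that "petr" has a group named after him but is still exposed, because another account is listed as a supplementary member of that group.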